- Home /
Authenticating a user to a server using a UserId stored in PlayerPrefs
Every question about PlayerPrefs security seems to revolve around securing offline game saves and making them harder to temper with.
My question is different as I have an authoritative server. However, I'm struggling with a way to authenticate users as safely and seemlesly as possible, I'm now thinking of storing a custom auto generated and unique UserId in PlayerPref. The user would than be able to copy it manually into other devices that would then also be able to use the same user account by storing the ID in their own PlayerPrefs.
My questions about PlayerPrefs secure-ness then are:
1. Can a malicious app be able to get access to the PlayerPrefs of another app?
2. Or just, somehow, access them remotely?
3. Are PlayerPrefs somehow accessible to a determined hacker on a locked device (assuming he doesn't know the passcode)?
5. And on PlayerPrefs handling by android and iOS: Are PlayerPrefs wiped for whatever reasons on a device? When the app update? When the OS is updated? Randomly?
6. Am I overthinking this?
Answer by Piflik · Apr 29, 2016 at 01:38 PM
First advice: Don't persistently store login information on the device.
I can answer your 5th point: PlayerPrefs (at least on Android) are wiped, when the appis uninstalled. They persist through updates. And to Question 3: Any information is accessible to a determined hacker.
Why not use the Google/iTunes account for identification?
Thanks for the advices! At this moment, I'm actually using GameCenter/GooglePlay to authenticate user. The thing is, it add a step in the logging process that can be quite long, especially for Game Center apparently. I'd like to speed things up by doing the login entirely between my server and the client.
I'd like to identify them with GooglePlay/GameCenter/Facebook or whatever, only on the first connection from a device.
Your answer
Follow this Question
Related Questions
Prevent players from using Network.Destroy() 3 Answers
You may not be connected when initializing security layer. 1 Answer
Hacking Unity3d Games 1 Answer
Network.Instantiate and the Trusted Client problem 0 Answers
Unity 3 socket secure policy 0 Answers